Millions of Smartphones Could Be Vulnerable to Hacking via Sound Waves

Scientists have found a new vulnerability in a common tech component, uncovering a security flaw that could expose potentially millions of smartphones, fitness wearables, and even cars to hacking.

By using sound waves, researchers have figured out how to trick accelerometers – the tiny sensors in gadgets that detect movement – into registering a fake motion signal, which hackers could exploit to take control of our devices.

“It’s like the opera singer who hits the note to break a wine glass, only in our case, we can spell out words,” computer scientist Kevin Fu from the University of Michigan told The New York Times.

“You can think of it as a musical virus.”

The sensors that Fu’s team investigated are called capacitive MEMS accelerometers, which register the rate of change in an object’s speed in three dimensions.

It’s these sensors that can tell which way you’re holding or tilting your smartphone or tablet, and count the steps you take using an activity tracker.

But they’re not just used in consumer gadgets – they’re also embedded in the circuits of things like medical devices, vehicles, and even satellites – and we’re becoming more reliant on them all the time.

“Tomorrow’s devices will aggressively rely on sensors to make automated decisions with kinetic consequences.”

But accelerometers have an Achilles heel: sound. By precisely tuning acoustic tones to the right frequency, Fu’s team was able to deceive 15 out of 20 different models of accelerometers from five different manufacturers, and control output from the devices in 65 percent of cases.

Accelerometers may enable some high-tech functionalities, but the principle is fundamentally simple – using a mass suspended on springs to detect changes in speed or direction. But those measurements can effectively be forged if you use the right sonic frequency to fool the tech.

“The fundamental physics of the hardware allowed us to trick sensors into delivering a false reality to the microprocessor,” Fu explains.

Once they figured out what the frequencies were to manipulate the sensors, they were able to trick a Fitbit into counting thousands of steps that were never taken; pilot a toy car by taking control of a smartphone app; and even use a music file to make a Samsung Galaxy S5 crudely write out a word (“Walnut”) in a graph of its accelerometer readings.

The tech used to hijack these devices wasn’t high-end audio gear either. In one case, the researchers used a US$5 external speaker; in another, a smartphone played a sound file on its own internal speaker and effectively hacked itself.

While all these proofs-of-concept were fairly harmless demonstrations of the technique, the researchers warn that it could easily be used for malicious and potentially very dangerous purposes.

“If a phone app used the accelerometer to start your car when you physically shake your phone, then you could intentionally spoof the accelerometer’s output data to make the phone app think the phone is being shaken,” one of the team, Timothy Trippel, told Gizmodo.